Common questions about Azure VMware Solution

This article answers commonly asked questions about Azure VMware Solution.


What is Azure VMware Solution?

As enterprises pursue IT modernization strategies to improve business agility, reduce costs, and accelerate innovation, hybrid cloud platforms have emerged as key enablers of customers' digital transformation. Azure VMware Solution combines VMware's Software-Defined Data Center (SDDC) software with Microsoft's Azure global cloud service ecosystem. In addition, Azure VMware Solution meets performance, availability, security, and compliance requirements. For more information, see What is Azure VMware Solution.

Where is Azure VMware Solution available today?

The service is continuously being added to new regions. For details, see the latest service availability information.

Who supports Azure VMware Solution?

Microsoft delivers support for Azure VMware Solution. You can submit a support request. For Cloud Solution Provider (CSP) managed subscriptions, the Solution Provider provides the first level of support, in the same fashion as CSP does for other Azure services.

Can workloads running in an Azure VMware Solution instance integrate with Azure services?

All Azure services are available to Azure VMware Solution customers. Performance and availability limitations for specific services should be addressed on a case-by-case basis.

What guest operating systems are compatible with Azure VMware Solution?

You can find information about guest operating system compatibility with vSphere by using the VMware Compatibility Guide. To identify the version of vSphere running in Azure VMware Solution, see VMware software versions.

What does the change control process look like?

Updates follow Microsoft Azure's standard change management process. Customers are responsible for any workload administration tasks and the associated change management processes.

How is this version different from Azure VMware Solution by CloudSimple?

With the new Azure VMware Solution, Microsoft and VMware have a direct cloud provider partnership. The new solution is designed, built, and supported by Microsoft and endorsed by VMware. Architecturally, the solutions are consistent, with the VMware technology stack running on a dedicated Azure infrastructure.


How will I be billed during Preview?

Billing during Preview is monthly on a pay-as-you-go basis. Additional options are available at general availability (GA).

Is there an SLA on disk replacement when failures occur?

Any host with disk issues is replaced. It rolls up to the 99.9 SLA availability of the Azure VMware Solution service.

How will pricing be structured for Azure VMware Solution?

For general questions on pricing, see the Azure VMware Solution pricing page.

Is VMware HCX Enterprise available, and if so, how much does it cost?

If you plan to use VMware HCX Enterprise, make sure you've enabled the VMware HCX Enterprise add-on through a support request. It's a free 12-month trial in Azure VMware Solution.

Will traffic between on-premises and Azure VMware Solution over ExpressRoute incur any outbound data transfer charge in the metered data plan?

Traffic in the Azure VMware Solution ExpressRoute circuit isn't metered in any way. Traffic from your ExpressRoute circuit connecting your on-premises environment to Azure is charged according to ExpressRoute pricing plans.

  • Azure VMware Solution to vNet is through an internal ExpressRoute circuit and is free of cost within the same region as Azure VMware Solution. However, if the internal ExpressRoute circuit is connected cross-region, data transfer charges apply.

  • Azure VMware Solution to on-premises is done through vNet or ExpressRoute Global Reach (between the internal ExpressRoute and external ExpressRoute). It's still free provided the connection to vNet (mentioned above) or ExpressRoute Global Reach is within the region where Azure VMware Solution is deployed.

When does metering begin and end for trial Azure VMware Solution clusters?

Trial clusters are limited to three hosts used for 30-day evaluations of Azure VMware Solution private clouds. After 30 days, clusters are automatically metered per their respective rates. If the trial clusters are deleted before the 30-day end date, the Azure VMware Solution trial will end at the time of deletion.

Is it necessary to procure additional VMware licensing and resources other than the AV36 instance when migrating from the on-premises VM environment with an L2 extension?

No, you don't need to procure additional VMware licensing beyond the Azure VMware Solution service. To see what VMware technology is included, see the Azure VMware Solution pricing page.


How do I request a host quota increase for Azure VMware Solution?

Whether you want more hosts for an existing private cloud or you're creating a new private cloud, you'll need to submit a support ticket to have your hosts allocated. For more information, see Request host quota for Azure VMware Solution.

What accounts do I need to create an Azure VMware Solution private cloud?

You'll need an Azure account in an Azure subscription.

Are Red Hat solutions supported on Azure VMware Solution?

Microsoft and Red Hat share an integrated, co-located support team that provides a unified contact point for Red Hat ecosystems running on the Azure platform. Like other Azure platform services that work with Red Hat Enterprise Linux, Azure VMware Solution falls under the Cloud Access and integrated support umbrella. Red Hat Enterprise Linux supports running on top of Azure VMware Solution within Azure.

Customer communication

How can I receive an alert when Azure sends service health notifications to my Azure subscription?

You can find service issues, planned maintenance, health advisories, and security advisory notifications published through Service Health in the Azure portal. You can take timely actions when you set up activity log alerts for these notifications. For more information, see Create service health alerts using the Azure portal.

Screenshot of Service Health notifications.

Configuration and setup

How long does it take to provision the initial three hosts in a cluster?

At the moment, provisioning can take roughly 3-4 hours. Adding a single node to an existing cluster takes between 30 and 45 minutes.

VMware software

Can Azure VMware Solution VMs be managed by VMRC?

Yes, provided the system it's installed on can access the private cloud vCenter and is using public DNS to resolve ESXi hostnames.

Are there special instructions for installing and using VMRC with Azure VMware Solution VMs?

No. To meet the VM prerequisites, follow the instructions provided by VMware.

Can I use vRealize Suite running on-premises?

Specific integrations and use cases are evaluated on a case-by-case basis.

Can I migrate vSphere VMs from on-premises environments to Azure VMware Solution private clouds?

Yes. VM migration and vMotion can be used to move VMs to a private cloud if standard cross vCenter vMotion requirements are met.

Is a specific version of vSphere required in on-premises environments?

All cloud environments come with VMware HCX; vSphere 5.5 or later is required in on-premises environments for vMotion.

Is VMware HCX supported on VPNs?

No, because of bandwidth and latency requirements.

What versions of VMware software are used in private clouds?

The VMware software versions used in new deployments of Azure VMware Solution private cloud clusters are:

Software                   Version
VCSA / vSphere / ESXi      6.7 U3l
ESXi                       6.7 U3l
vSAN                       6.7 U3l
HCX                        4.1

NOTE: NSX-T is the only supported version of NSX.

The currently running software version is applied to new clusters added to an existing private cloud. For more information, see the VMware software version requirements.

How often is the VMware software (ESXi, vCenter, PSC, and NSX) patched, updated, or upgraded in the Azure VMware Solution private cloud?

One benefit of Azure VMware Solution private clouds is that the platform is maintained for you. Microsoft is responsible for the lifecycle management of VMware software (ESXi, vCenter, and vSAN). Microsoft is also responsible for the lifecycle management of NSX-T appliances and for bootstrapping the network configuration, such as creating the Tier-0 gateway and enabling North-South routing. You're responsible for NSX-T SDN configuration: network segments, distributed firewall rules, Tier 1 gateways, and load balancers.

Microsoft is responsible for applying any patches, updates, or upgrades to ESXi, vCenter, vSAN, and NSX-T in your private cloud. The impact of patches, updates, and upgrades on ESXi, vCenter, and NSX-T is different.

  • ESXi - There's no impact to workloads running in your private cloud. Access to vCenter and NSX-T isn't blocked during this time. It's recommended that, during this time, you don't plan any other activities, such as scaling up the private cloud, in your private cloud.

  • vCenter - There's no impact to workloads running in your private cloud. During this time, vCenter will be unavailable and you won't be able to manage VMs (stop, start, create, or delete). It's recommended that, during this time, you don't plan any other activities, such as scaling up the private cloud or creating new networks, in your private cloud.

  • NSX-T - There's workload impact: when a particular host is being upgraded, the VMs on that host might lose connectivity for between 2 seconds and a maximum of 1 minute, with any or all of the following symptoms:

    • Ping errors

    • Packet loss

    • Error messages (for example, Destination Host Unreachable and Net unreachable)

    During this upgrade window, all access to the NSX-T management plane will be blocked. You can't make configuration changes to the NSX-T environment for the duration. However, your workloads will continue to run as normal, subject to the upgrade impact detailed above.

    It's recommended that, during the upgrade time, you don't plan any other activities, such as scaling up the private cloud, in your private cloud. These can prevent the upgrade from starting or could have adverse impacts on the upgrade and the environment.

You'll be notified before patches/updates or upgrades are applied to your private clouds. We'll also work with you to schedule a maintenance window before applying updates or upgrades to your private cloud.

Software updates include:

  • Patches - Security patches or bug fixes released by VMware

  • Updates - Minor version change of a VMware stack component

  • Upgrades - Major version change of a VMware stack component


Microsoft tests a critical security patch as soon as it becomes available from VMware.

Documented VMware workarounds are implemented in lieu of installing a corresponding patch until the next scheduled updates are deployed.

Do private clouds use VMware NSX? If so, which version is supported?

Yes, NSX-T is the only supported version of NSX.

NSX-T 3.1.2 is used for the software-defined networking in Azure VMware Solution private clouds.

Is NSX required in on-premises environments or networks that connect to a private cloud?

No, you aren't required to use NSX on-premises.

Is VMware Horizon 8 2012 compatible with Azure VMware Solution?


Can I change the default vSphere Web Client timeout value?

Yes. For information on changing the timeout value, see Configure the vSphere Web Client Timeout Value.


Why can't I see my Sentinel Management tab in the HCX Manager when using the Sentinel Appliance service?

The Sentinel Management tab provides you access to download the Sentinel software. It appears in the HCX Interconnect interface when an HCX Enterprise license is activated and you have deployed a service mesh with a Sentinel Gateway (SGW) and Sentinel Data Receiver (SDR) pair. Also, in traditional on-premises to cloud deployments, the Sentinel tab is only visible in the Connector, not the cloud manager.

If we migrate a VM created with thin provisioning on the on-premises side to Azure VMware Solution, will the VM remain thin?

No. However, if the VM is migrated as thick, you can change policies on the individual VMs and individual vmdks through a combination of UI and PowerCLI.


What are the CPU specifications in each type of host?

The servers have dual 18-core 2.3 GHz Intel CPUs.

How much memory is in each host?

The servers have 576 GB of RAM.

Does Azure VMware Solution support running ESXi/ESX as a nested virtualization solution?

No. VMware does not officially support nested virtualization.


What independent software vendor (ISV) backup solutions work with Azure VMware Solution?

Commvault, Veritas, and Veeam have extended their backup solutions to work with Azure VMware Solution. However, any backup solution that uses VMware vStorage API for Data Protection (VADP) with the HotAdd transport mode works out of the box on Azure VMware Solution. For more information, see Backup solutions for Azure VMware Solution VMs.

What about support for ISV backup solutions?

As these backup solutions are installed and managed by customers, they can reach out to the respective ISV for support.

Networking and interconnectivity

Can Azure Bastion be used for connecting to Azure VMware Solution VMs?

Azure Bastion is the service recommended to connect to the jump box to prevent exposing Azure VMware Solution to the internet. You can't use Azure Bastion to connect to Azure VMware Solution VMs since they aren't Azure IaaS objects.

How much network bandwidth is available in each ESXi host?

Each ESXi host in Azure VMware Solution is configured with four 25-Gbps NICs: two NICs provisioned for ESXi system traffic and two NICs provisioned for workload traffic.

Are the SNMP infrastructure logs shared?


Does ExpressRoute support packets exceeding MTU of 1500?


Can Azure Load Balancer internal be used for Azure VMware Solution VMs?

No. Azure Load Balancer internal only supports Azure IaaS VMs. Azure Load Balancer doesn't support IP-based backend pools, only Azure VMs or virtual machine scale set objects, and Azure VMware Solution VMs aren't Azure objects.

Can an existing ExpressRoute Gateway be used to connect to Azure VMware Solution?

Yes. Use an existing ExpressRoute Gateway to connect to Azure VMware Solution as long as it doesn't exceed the limit of four ExpressRoute circuits per virtual network. To access Azure VMware Solution from on-premises through ExpressRoute, you must have ExpressRoute Global Reach since the ExpressRoute Gateway doesn't provide transitive routing between its connected circuits.

Why does Azure VMware Solution use a Public 4-byte Autonomous System Number (ASN)?

Azure VMware Solution uses the officially registered Public 4-byte ASNs to ensure there is never a conflict with your on-premises use of Private ASNs in the customer's routing path to Azure VMware Solution.

How can I use ExpressRoute to connect to Azure VMware Solution if the on-premises ExpressRoute-carrier partners/ISPs don't support 4-byte ASN?

The only way to connect to Azure VMware Solution through ExpressRoute is for your environment and the on-premises ExpressRoute-carrier partners/ISPs to support 4-byte ASN or have backward compatibility from 4-byte to 2-byte ASN in the BGP prefix ASN path advertisement.
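What the 4-byte to 2-byte backward compatibility mentioned above looks like at the AS_PATH level, as an added example that is not part of the original article. It goes slightly beyond the page by assuming the standard RFC 6793 mechanism (AS_TRANS and AS4_PATH); the ASNs are constructed values from the documentation ranges, not the ASN Azure VMware Solution actually uses.

```python
# RFC 6793: placeholder a 2-byte-only speaker sees in place of a 4-byte ASN.
AS_TRANS = 23456
MAX_2BYTE = 0xFFFF


def classify_asn(asn):
    """Classify an ASN by the IANA special-purpose ranges it falls in."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"ASN out of range: {asn}")
    if asn in (0, 65535, 4294967295):
        return "reserved"
    if asn == AS_TRANS:
        return "as_trans"
    if 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294:
        return "private"          # RFC 6996, 2-byte and 4-byte private use
    if 64496 <= asn <= 64511 or 65536 <= asn <= 65551:
        return "documentation"    # RFC 5398
    return "public"


def advertise_to_2byte_peer(as_path):
    """Return (AS_PATH, AS4_PATH) as sent to a peer without 4-byte support.

    Every ASN that does not fit in 16 bits is replaced by AS_TRANS in
    AS_PATH; the true path travels in AS4_PATH, which is only attached
    when at least one substitution was needed.
    """
    needs_as4 = any(asn > MAX_2BYTE for asn in as_path)
    as_path_2b = [AS_TRANS if asn > MAX_2BYTE else asn for asn in as_path]
    return as_path_2b, (list(as_path) if needs_as4 else None)


if __name__ == "__main__":
    # Constructed path: carrier 64500, then a 4-byte origin 65550.
    legacy_path, as4_path = advertise_to_2byte_peer([64500, 65550])
    print("AS_PATH seen by 2-byte peer:", legacy_path)
    print("AS4_PATH carried alongside :", as4_path)
    for asn in (65010, 65550, AS_TRANS):
        print(asn, classify_asn(asn))
```

A 2-byte-only device that filters on origin ASN sees 23456 rather than the real origin, so prefix-based filters are the reliable control on such devices.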

What network IP address planning is required to incorporate private clouds with on-premises environments?

A private network /22 address space is required to deploy an Azure VMware Solution private cloud. This private address space shouldn't overlap with other virtual networks in a subscription or with on-premises networks.

How do I connect from on-premises environments to an Azure VMware Solution private cloud?

You can connect to the service using one of two methods:

  • With a VM or application gateway deployed on an Azure virtual network that is peered through ExpressRoute to the private cloud.
  • Through ExpressRoute Global Reach from your on-premises data center to an Azure ExpressRoute circuit.

Could I use HCX through public Internet communications as a workaround for the non-supportability of HCX when using VPN S2S with vWAN for on-premises communications?

Currently, the only supported method for VMware HCX is through ExpressRoute.

How do I connect a workload VM to the internet or an Azure service endpoint?

In the Azure portal, enable internet connectivity for a private cloud. With NSX-T manager, create an NSX-T T1 router and a logical switch. You then use vCenter to deploy a VM on the network segment defined by the logical switch. That VM has network access to the internet and Azure services.


A T0 router is created and configured as part of a private cloud deployment. Any modification to that logical router or the NSX-T edge node VMs could affect connectivity to your private cloud.

Do I need to restrict access from the internet to VMs on logical networks in a private cloud?

No. Network traffic inbound from the internet directly to private clouds isn't allowed by default. However, you're able to expose Azure VMware Solution VMs to the internet through the Public IP option in your Azure portal for your Azure VMware Solution private cloud.

Do I need to restrict internet access from VMs on logical networks to the internet?

Yes. You'll need to use NSX-T manager to create a firewall to restrict VM access to the internet.

Which IP range can be used for DNS service IP and DHCP server IP?

The IP address range shouldn't overlap with the IP range used in other virtual networks in your subscription and on-premises networks.
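An added example (not from the original article) that checks the address-planning rules stated in this answer and in the earlier /22 answer: the private cloud block must be a private /22 that overlaps nothing already in use, and the DNS/DHCP range must not overlap either. The inventory names and addresses are constructed, and treating "private" as RFC 1918 space is an assumption.

```python
import ipaddress

# Assumption: "private" means RFC 1918 space; the article only says "private network".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REQUIRED_PREFIX = 22  # from the article: a /22 is required per private cloud

# Constructed inventory of address space already in use (hypothetical names).
IN_USE = {
    "hub-vnet": "10.20.0.0/22",
    "spoke-vnet": "10.20.4.0/23",
    "onprem-dc": "10.20.8.0/21",
    "onprem-branch": "192.168.50.0/24",
}


def conflicts(candidate, in_use):
    """Return the names of in-use networks that overlap the candidate range."""
    block = ipaddress.ip_network(candidate)
    return sorted(name for name, cidr in in_use.items()
                  if block.overlaps(ipaddress.ip_network(cidr)))


def check_private_cloud_block(candidate, in_use):
    """Return a list of problems; an empty list means the /22 is usable."""
    try:
        block = ipaddress.ip_network(candidate)  # strict: host bits are an error
    except ValueError as exc:
        return [f"invalid network: {exc}"]
    problems = []
    if block.version != 4 or block.prefixlen != REQUIRED_PREFIX:
        problems.append(f"must be an IPv4 /{REQUIRED_PREFIX}, got {block}")
    elif not any(block.subnet_of(r) for r in RFC1918):
        problems.append("not inside RFC 1918 private space")
    problems += [f"overlaps {name} ({in_use[name]})"
                 for name in conflicts(candidate, in_use)]
    return problems


def first_free_block(pool, in_use):
    """Return the first /22 inside pool that overlaps nothing in use, or None."""
    used = [ipaddress.ip_network(c) for c in in_use.values()]
    for sub in ipaddress.ip_network(pool).subnets(new_prefix=REQUIRED_PREFIX):
        if not any(sub.overlaps(u) for u in used):
            return str(sub)
    return None


if __name__ == "__main__":
    for cand in ("10.20.4.0/22", "10.20.1.0/22", "20.50.0.0/22", "10.20.16.0/22"):
        print(cand, "->", check_private_cloud_block(cand, IN_USE) or "OK")
    print("first free /22:", first_free_block("10.20.0.0/16", IN_USE))
    # The same overlap test applies to a planned DNS/DHCP service range.
    print("DNS/DHCP range conflicts:", conflicts("192.168.50.128/25", IN_USE))
```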

Can Azure VMware Solution use Azure Virtual WAN hosted ExpressRoute Gateways?


Can transit connectivity be established between on-premises and Azure VMware Solution through Azure Virtual WAN over ExpressRoute Global Reach?

Azure Virtual WAN doesn't provide transitive routing between two connected ExpressRoute circuits and non-virtual WAN ExpressRoute Gateway. ExpressRoute Global Reach allows connectivity between on-premises and Azure VMware Solution but goes through Microsoft's global network instead of the Virtual WAN Hub.

Is Windows 2008 supported as an Active Directory (AD) server or Remote Desktop Session Host (RDSH) OS in NSX-T?



What is the correct storage policy for the dedup setup?

Use the thin_provision storage policy for your VM template. The default is thick_provision.

What is the storage capacity of each host?

Each ESXi host has two vSAN disk groups with a capacity tier of 15.2 TB and a 3.2-TB NVMe cache tier (1.6 TB in each disk group).

Is data stored on the vSAN datastores encrypted at rest?

Yes, vSAN datastores use data-at-rest encryption by default using keys stored in Azure Key Vault. The encryption solution is KMS-based and supports vCenter operations for key management. When a host is removed from a cluster, data on SSDs is invalidated immediately.

Can I rename a datastore or cluster during creation?

No, you can't change the name of datastores or clusters. The cluster name is configurable through non-portal deployment mechanisms for non-primary clusters.

What is the fault tolerance for hardware failure on the vSAN?

FTT-1, RAID-1 (mirroring) with Object Space reservation set to Thick Provisioning is the Default Storage policy for the SDDC.

Screenshot that shows the vSphere Client VM Storage Policies.

Why is thick provisioning the default vSAN policy in Azure VMware Solution?

Thick provisioning is reserved or pre-allocated storage space. Thick provisioning protects systems by allowing them to function even if the vSAN datastore is full because the space is already reserved. For example, suppose you create a 10 GB virtual disk with thick provisioning. In that case, the full amount of virtual disk storage capacity is pre-allocated on the physical storage where the virtual disk is created and consumes all the space allocated to it in the datastore. It won't allow other VMs to share the space from the datastore. A thin-provisioned virtual disk consumes only the space that it needs initially and grows with the data space demand in the datastore.

Can I create a new VM in Azure VMware Solution with thin provisioning even if the default vSAN policy is thick provisioning?

Yes. Outside of the default (thick_provision), you can create VMs with FTT1 thin provisioning.

How many disks can fail on the vSAN before data loss occurs?

It depends on how you plan your application workloads to run inside the SDDC (private cloud). Microsoft governs these failures regularly and replaces the hardware when such events are detected from an infrastructure perspective. As a default, a setting of FTT-1 is used, which accommodates a single host's failure.

What kind of alerts can I expect to see for vSAN?

Microsoft provides alerts when capacity consumption exceeds 75%. Alternatively, you can also monitor capacity consumption metrics that are integrated into Azure Monitor.

How many 1.6-TB NVMe drives make up the disk groups to provide the 15.4 TB of raw SSD storage per host?

The AV36 SKU includes two 1.6-TB NVMe cache drives and eight 1.9-TB raw storage capacity drives. These are then split into two disk groups.

What is the RAID configuration of the disk groups?

The disk groups are not RAID configured. Instead, they are just a bunch of disks (JBOD) and are directly controlled by vSAN.

Hosts, clusters, and private clouds

Is there more than one type of host available?

No. There's only one type available.

Do I use the same tools that I use now to manage private cloud resources?

Yes. The Azure portal is used for deployment and several management operations. vCenter and NSX Manager are used to manage vSphere and NSX-T resources.

Can I manage a private cloud with my on-premises vCenter?

At launch, Azure VMware Solution won't support a single management experience across on-premises and private cloud environments. You manage private cloud clusters with vCenter and NSX Manager local to a private cloud.

If a cluster is scaled up, and then workload demand falls, can it be scaled back down?

Yes, as long as you have the quota allocated against your private cloud, you can scale out your clusters. When workload demand falls, you can delete hosts from the cluster to scale it down. You can do this through the Azure VMware Solution portal.

Is the underlying infrastructure shared?

No, private cloud hosts and clusters are dedicated and securely erased before and after use.

What are the minimum and the maximum number of hosts per cluster?

Clusters can scale between three (minimum) and 16 (maximum) ESXi hosts. Trial clusters are limited to three hosts.

Can I scale my private cloud clusters?

Yes, clusters scale between three (minimum) and 16 (maximum) ESXi hosts.

What are trial clusters?

Trial clusters are limited to three hosts used for one-month evaluations of Azure VMware Solution private clouds.

Identity management

What accounts and privileges will I get with my new Azure VMware Solution private cloud?

You're provided credentials for a cloudadmin user in vCenter and admin access on NSX-T Manager. You can also use a CloudAdmin group to incorporate Azure Active Directory. For more information, see Access and identity Concepts.

Can I have administrator access to ESXi hosts?

No, administrator access to ESXi is restricted to meet the security requirements of the solution.

What privileges and permissions will I have in vCenter?

You'll have CloudAdmin role privileges. For more information, see Access and identity Concepts.

What privileges and permissions will I have on the NSX-T manager?

You'll have full administrator privileges on NSX-T and can manage vSphere role-based access control as you would with NSX-T Data Center on-premises. For more information, see Access and Identity Concepts.


A T0 router is created and configured as part of a private cloud deployment. Any modification to that logical router or the NSX-T edge node VMs could affect connectivity to your private cloud.

How can I change my credentials?

For information on resetting your credentials, see Rotate the cloudadmin credentials for Azure VMware Solution.

Are the cloudadmin extension privileges supported by Azure VMware Solution?

No. We currently don't support cloudadmin extension privileges and have no plans to support them.

CSP and multi-tenancy

Does Azure VMware Solution provide an option for hoster partners to resell the service?

Does Azure VMware Solution offer multi-tenancy for hosting CSP partners?

No. Currently, Azure VMware Solution doesn't offer multi-tenancy.

Does Azure VMware Solution enable a hoster partner to partition resources within the private cloud (SDDC) to manage for customers in a multi-tenanted way?

No, an Azure VMware Solution private cloud cannot be shared between end customers.

I use Azure VMware Solution to create end-user applications or workloads accessed on multiple VMs through public IP. Can I sell this solution to multiple tenants?

Customers can create multi-tenant environments in their Azure VMware Solution private cloud and sell to customers, provided the product isn't a standard VM and they have added substantial intellectual property embedded in the VM as an application.

As a hoster or customer, can I use my existing VMware Cloud Director (VCD) or new VCXD deployment in Azure VMware Solution?

VMware does not allow VCD in the cloud or from on-premises to be licensed with any Hyperscaler, including Microsoft.

Can I connect VMware Cloud Director Service (CDS) to my Azure VMware Solution instance in Azure?

Although technically possible, Microsoft does not allow Azure VMware Solution to be used through the new CDS service from VMware running on VMC.

Can Azure VMware Solution be purchased through a Microsoft CSP?

Yes, customers can deploy Azure VMware Solution within an Azure subscription managed by a CSP.

Are Reserved Instances available for purchasing through the CSP program?

Yes. CSPs can purchase reserved instances for their customers. For more information, see Save costs with a reserved instance.